1. Configuring enrollment settings
It’s now time for us to move on to talking about Intune. Microsoft’s MDM solution is now called intune. MDM is mobile device management. And the concept here with an MDM solution is to help us control the different devices and application settings people use on those devices, wherever they are. Okay, so one of the big things now these days—you may have heard this acronym before—is BYOD, which means Bring Your Own Device. And companies are allowing users to do this more and more these days. And so it’s extremely important for us to have a way to control those devices, or a measure of control over those devices.
Now, again, one thing I want to say is that MDM is not a spy product. It’s not going to let me read people’s text messages, listen to voicemail, or look at their videos, photos, or any of that. This is mostly used to control the settings on their device, as well as the apps that are installed on it. Another thing would be to make sure the devices are up-to-date as well and set some policies in place. Okay, so we’re now moving into this concept of enrollment with Intune so the devices can be managed through Intune. Now there are some prerequisites in order to do all of this.
So what we want to do is look at some of these prerequisites as we start to talk about enrollment. Okay? So to start with, here I am on Portal.Azure.com, and I’m going to go to the menu bar here. We’re going to click Azure Active Directory. Okay. And we will start with devices right here, this Devices Blade, which you’ve heard me mention a little earlier in one of my lessons. I just want to put it all in one place for you here, everything about this enrollment stuff, okay? So I’ll go ahead and click Device Settings, and then we’ll make sure that users can participate in Azure advertising, okay? Because Azure is usually going to play a role in Intune, right? It’s going to be your directory service.
So I’ve already turned that on. You saw me turn that on in a previous lesson. As a result, users can participate in Azure advertising. So one of the things I want to point out—and I’ll be telling you more about this later—is that I can use Intune with the help of End Point Manager and all that to force devices to get enrolled, and I’m going to talk more about how I can do that later. But ultimately, when they do get enrolled, they’re going to get enrolled under the authority of the user’s Azure advertising account. So if you’ve got a user named John Smith that’s logging on, it’s going to be his account that’s going to get linked into Intune. Okay, so this is why it says users may join. Now is it possible for a userto join on behalf of another user. Yes. And we’re going to talk about that as something called a DEEM, a Device Enrollment Manager. But ultimately, most of the time, it’s going to be the user’s Azure AD account that’s enrolling in and getting managed through Intune. Okay, so this is the first setting I wanted to show you.
Okay, let’s jump back over to Azure ads again. Let’s just start by clicking the menu bar again. We’ll go to Azure, and now what we’re going to do is we’re going to look at this mobility blade, okay? Now the mobility blade is going to help us confirm that Azure AD is going to allow its users to be managed through Intune. Keep in mind that Intune is not the only MDM solution out there. You can get third-party solutions, but of course, Intune is Microsoft’s solution. Okay? So we’re going to confirm here that we’re going to go to Microsoft Intune. We’re just going to confirm that we’re allowing it to be managed. Now you will notice that, by default, Intune is not set to configure your users. Yet there are two things that Intune is providing us with. Intune offers MDM (mobile device management) and Mam (mobile application management). Now what’s the difference? MDM allows the Intune solution to manage all the device settings.
Okay? Then Mam allows Intune to manage all of the applications on the device, such as restricting them, uninstalling them, forcing them to be installed, keeping them updated, and so on. This is similar to your little on/off switch in an Active Directory for confirming that you’re allowing Intune to manage your devices, users, and devices. Okay? So I could do everything or just some of it. I’m going to do something that’s going to let me pick and choose who gets managed. I’m going to say everything for both Mam and MDM. So this is very important. This is a prerequisite, something you want to remember for the exam—that you have to confirm using the mobility blade here in order for that to take effect. So I’m going to hit save. And now I’ve officially confirmed that Intune is going to be managing these users.
Okay? The next thing I want to show you here is that we’re going to go back over to Azure Active Directory. You’ve seen me do this before, but I want to remind you because company branding is important. You cannot have devices enrolled unless company branding is done. Okay? So I’ve gone here. If you did not have anything here, you would have a new button. I’ve already got one, so I’m going to click on it. And the absolute requirement to do this is right here. It says sign-in page text. You have to have sign-in page text. You can spruce everything up and make it look nice with banners and all that good stuff. But the absolute requirement is the sign-in tax. If you do not have sign-in text, It will not allow devices to be enrolled. OK, so that is a requirement. So I’ve already gotten that done. All right.
And then finally, the next thing I want to show you involves licenses. Okay? So, for the time being, we’ll remain in Azure Active Directory. We’re going to click on the licences button here and look at our licenses. So I’m going to click on every product. When it comes to tuning, I prefer to use an analogy. It’s kind of like going to a fast-food restaurant like McDonald’s. OK, you can go to McDonald’s and order just a hamburger, right? You could order just the fries or just the drink, or you could get the meal. Okay, so most of Microsoft’s licences work that way, especially if they involve security. You can order them ala carte if you want, right? In other words, I could get Just in Tune if I wanted, and I could pay a fee based on a subscription fee per user that uses it, okay? Or Microsoft has a package deal, and that package deal is called EMS Enterprise Mobility Plus Security.
Now, if you guys are doing this with one of your own tenants or whatever, you can actually get a trial of Enterprise Ability Plus Security. All you have to do is click “Try it right here” and you can activate your free trial. Okay? So you do that, you say “activate,” and Microsoft is going to let you activate for 90 days, and they’re going to give you 250 licences to play with. It’s pretty cool. So you can give that a shot. Let’s see what all those Enterprising Plus Security offers you. Okay, now let’s look at service plan details, and you’ll notice you get all of these items here if you have the Enterprise Mobility Plus Security plan, which we’re going to be talking more about as we move along here in the course. But the key that I want to focus on right now is this guy right here, Microsoft Intune.
Okay? So in order for a user to be managed through Intune, we have to make sure that they have a license. So if we come back over here where it says “License for All Products,” click on it. Actually, you could have just clicked on “License Users” as well. And at that point, you’ll see all the users that are licensed. Okay, so I can click Assign Licenses, but keep in mind that if I want to assign this license, I also have to make sure that the user has a usage location. So let’s go back over to Azure Active Directory again, and let’s click on Users. OK? and we are going to licence John Smith. So we’re going to click on John Smith. In order to licence John Smith, he has to have a usage location, which he does. So there he goes.
United States. All right. So I just wanted to show you that if Auser lacks a usage location, you can go to Canalways Edit and add one. You can also automate giving all your users the same usage location with PowerShell if you want. That’s going to be the easiest way to do it with PowerShell. Okay, so I’m going to jump back now. We’ll go back over to Azure Active Directory again, and we’ll go back into licenses. All right. And then we’ll go to all products and click on Enterprise Ability Plus Security. And John Smith has already gotten the license, so he’s good. Okay, but if we wanted to assign to another user, we could. All we have to do is come over here, specify the user we want, make sure they have a usage location, and we can click the assign button. So it’s really easy to do that. So, guys, those are the minimum requirements in order to get enrollment going. As we move forward with this enrollment lesson, I want to make sure that we understand the bare minimum requirements and that some of those things may appear as questions on your test, so make sure you understand what those requirements are.
2. Configuring Device Enrollment Restrictions
Okay, so here I am on endpoint.microsoft.com. Now. This is the conclusion. Manager. And just to kind of remind you again of what Endpoint Manager is, this is the newer interface that Microsoft has created for managing both Intune as well as if you had SCCM or the Endpoint Config Big Manager, as they’re calling it now. Okay? So it used to be that you had the Intune console, and that was done over on.
You would go into that portal, azure.com. You’d go to All Services and then search, all right? From there, you’d go straight into Intune. So this is sort of the older way to do it. You’re going to find that you have all these options in End Point Manager; it’s just navigated slightly differently, but it’s very similar. So you’ll probably find yourself feeling very at ease between the two. All right. However, we are attempting to focus primarily on the newer interface because, as you can see, the current Azure Portal experience will be retired on August 1, 2020. We’re making the switch to End Point Manager. So that’s just a quick reminder on that.
Okay? So I’m going to jump back over here. Here I am in Endpoint Manager, and I’m going to click on the device blade. All right, now what we’re thinking in terms of here is enrollment. We’re trying to get our devices enrolled, and I want to talk about configuring enrollment on our devices. Okay? So, once I’m on the device blade, the first thing I’m going to do is click on the Enroll device button. Then, once I’ve entered Enroll Devices, I’ve got some different options here. The first thing I’d like to show you is a concept known as enrollment restrictions.
Okay? So we’re going to click on enrollment restrictions, and I want you to notice that we have some different options here. We can go with it, which tells you that a device must comply with the highest priority enrollment restrictions assigned to its user. So notice there is a priority system here, a priority system.Here’s the first option you’ve got. Define which platforms, versions, and management types can enroll. Right? Now it says that default priority applies here and to all users. Okay? So I can click on that, go to Properties, and it’s basically showing me right here the platform settings that I’ve got. I’ve got Android, iOS, Mac, and Windows; all those options are there, and currently they are all allowed. If I wanted, I could edit that, and then I could block some of these devices. Another thing that’s really cool here is that you can set the version. You can set a minimum and maximum number for the version.
So it’s really cool as well. You can actually specify manufacturer details for Android devices as well. So, if you wanted to restrict based on a specific manufacturer of a specific type of Android device, because, you know, there are obviously all kinds of vendors out there with Google and Android, you could do so. Microsoft created Windows, while Apple created AppleiOS and macOS. But with Android, there are all sorts of manufacturers. You can look up the manufacturer, device manufacturer, and ID number, and put that in there. It will also allow you to work this by name. But anyway, this is going to let me set some restrictions on what types of devices can be enrolled so that my users can’t just enrol any old device under the sun. It’s going to give me a measure of control. All right, so I’m going to cancel this right here. We’ll go back over here to enrol devices, okay? And then there are enrollment restrictions. So we talked about this one. Look down here; we have device limit restrictions.
So define how many devices each user can enroll. So by default, the limit is five. So each user can actually enrol a maximum of five devices at a time. We can click all users, we can click Properties, and then from there, if we want to edit that, we can. You’ll notice that the maximum total is 15. So we can allow users to enrol a maximum of 15 devices. So that means that one user like John Smith can enrol his iPhone, his iPad, his laptop, his desktop, and on and on.
If you allow 15 devices at once, The good news is that it’s not like using a new licence every time. It’s the one licence that the user has. OK, so at that point I could review and save that if I wanted to. and I’ve now adjusted those settings. All right, so setting that up is pretty straightforward. This is where you’ll find your enrollment restrictions. Now, again, keep in mind that if I go back over here, I can create some other restrictions if I want. Type restriction, which will go here, and limit restriction, which will go here And if I do that, I can set a priority level so that if there’s ever a conflict, the one with the highest priority wins. And so that’s what they’re showing you here. And when you do that, you can move them up and down. So that’s pretty straightforward on that.But those are your enrollment restrictions that we’ve got. And that’s going to allow us to have a measure of control over how many devices people can use as well as the types of devices that people can use.
3. Enrolling Windows devices
Okay, we’re now going to talk about Windows enrollment. AlrightSo currently, Windows enrollment involves Windows 8, Windows 8.1, and Windows 10. There is still a way to get Windows 7 LinkedIn and be enrolled in it, but you have to install a special type of client software that’s about to be completely deprecated. So Windows 7 is no longer going to be supported in terms of the Seven is actually no longer supported by Microsoft in general, but it’s no longer going to be supported by management through Intune with the help of endpoint managers. So that’s going away. So you want to really think in terms of Windows 8. One Windows ten, one Windows eight. Of course, the exam itself is going to focus more on Windows 10 than anything else.
Okay, so I want to talk about device enrollment for Windows 10. First off, we’re going to go to devices right here, all right? And again, we are in Endpointment on Microsoft.com, and then from there, we’re going to click on Enroll devices and then Windows enrollment. Okay? So the first thing you’re going to notice right out of the gate is that it says “Automatic Enrollment.” This is going to allow devices to be automatically enrolled into our MDM t. Okay? Devices can be automatically enrolled in various ways. One way that a Windows 10 device can be enrolled or auto-enrolled is by being forced to do so using group policy objects. So if we have a Microsoft domain, we can actually use group policies to force an enrollment on our devices. Okay, so that’s definitely one way that you can do it.
A device can also be manually enrolled, which is another option. Windows 10 can be manually enrolled. So I’ll show you that here in just a second. Okay? Another way a device can be enrolled in Windows 10 is through Autopilot. Now remember, autopilot is a Windows 10 feature. The only thing I mentioned earlier was Windows 8. Windows 8.1 and 1. That’s not an autopilot. Autopilot does not support Windows 8. Windows 8; one of those. It’s just windows. Ten. But we’ve talked about autopilot. You saw me demonstrate all of that earlier in this course, so hopefully you’re already familiar with all of it. But Autopilot is a way that, once a computer boots up and links in, Autopilot can link it into Intune. And at that point, Intune has control of it.
And we here in Endpoint Manager can control all of those settings if we want. So that’s how that’s going to work from there. Of course, with Autopilot, we also looked at the deployment profile. So we’ve seen that before. We actually created a deployment profile, and that’s what’s going to configure the out-of-box experience and all of that on the machine. Okay? This is what’s going to let us manage all this. This is what’s going to let us configure all of this and make sure everything’s turned on. Of course, I also showed you in one of the previous lessons that to support enrollment, you have to make sure you have MDM user scope set to all and Mam user scope set to all. You’re going to manage both. We’ve seen this. This is the same thing as the mobility blade that we saw in the Azure ads. The two are the same.
Okay? So that is making sure that Windows 10 can be enrolled. Okay? Now what I want to show you is jumping over to a Windows 10 computer. Let me show you how I could manually force that Windows 10 computer to be enrolled. We’re going to click on the Accounts button here and then access work or school. Now, you’ve seen me do this before. We had just arrived in Azure. Okay, we’re joined to the domain. But what I did is, by joining AzureAd, it automatically enrolled me in Intune. I disconnected from Azure AD because I wanted to show you guys how I could force my computer to do this manually and be managed through Intune manually. Okay, so if you look over here to the right, let’s zoom in on that a little bit. If you look over here to the right, you’re going to notice that you have only enrolled in the Device Management Option.
So I’m going to click that and watch what happens. The Microsoft account box will appear. It’s going to let me put in my credentials. Credentials in. Okay, so let’s just double-check my credentials by looking up the organization. I want you to remember something. Remember company branding, because you’re about to see that in action coming up here, okay? So look here at the bottom; it says, “Welcome to Exam Lab Practice.” Again. I would not even be able to link to this if I did not do company branding. And that’s the company branding message that we mentioned earlier. Okay, so I’m just going to put my password in now.
All right? It says, “All right, I’m going to stay signed in.” That’s fine. That way, it just keeps prompting me constantly, and it’s registering my device with my organization. Okay, so this is manually linking my device into Intune right now. Okay? So the next thing I want to show you is how I could force people to get LinkedIn to use group policies. We’ll jump over to our domain controller now. All right, here we are. We’ve arrived at our domain controller. We’re going to go to the Tools menu, and we’re going to go into Group Policy Management. So I’m waiting for that to pop up here. and I’ll zoom in on it for you. We’re going to create a GPO group policy. I’m just going to call it auto-enrollment for it for ySo I’m going to do that. I’m going to click Edit now. Edit. That GPO.
All right, pull this down. We’ll go underneath. Administrative Templates for Computer Configuration Policies And then look under Windows components. So you’ll see it right here. There it is. Enable automatic enrollment. So if I wanted to force my devices to get enrolled in MDM, I could actually use that policy there to do that. Another way that devices can get auto-enrolled is if you have SCCM. Another way would be to do provisioning packages. We talked about provisioning packages earlier in the course as well. Provisioning packages are a method of connecting computers and ensuring that they are enrolled in your MDM. Okay, the last thing I want to show you in regards to enrolling Windows devices is that we’re back here in the Microsoft Endpoint Manager after we’ve enrolled our Windows computer, and we’re going to click on devices, and from there we’ll look at Windows, and you can see that my device is now enrolled in Intune. Okay? So we continue on with these little lessons. We’re also going to be learning how we can configure that device. All right? But coming up, we’re going to look at the enrollment of some of the other devices, like Apple and Android.
4. Enrolling non-Windows devices
It’s now time for us to move on to talking about Intune. Microsoft’s MDM solution is now called intune. MDM is mobile device management. And the concept here with an MDM solution is to help us control the different devices and application settings people use on those devices, wherever they are. Okay, so one of the big things now these days—you may have heard this acronym before—is BYOD, which means Bring Your Own Device. And companies are allowing users to do this more and more these days. And so it’s extremely important for us to have a way to control those devices, or a measure of control over those devices. Now, again, one thing I want to say is that MDM is not a spy product. It’s not going to let me read people’s text messages, listen to voicemail, or look at their videos, photos, or any of that.
This is mostly used to control the settings on their device, as well as the apps that are installed on it. Another thing would be to make sure the devices are up-to-date as well and set some policies in place. Okay, so we’re now moving into this concept of enrollment with Intune so the devices can be managed through Intune. Now there are some prerequisites in order to do all of this. So what we want to do is look at some of these prerequisites as we start to talk about enrollment. Okay? So to start with, here I am on Portal.Azure.com, and I’m going to go to the menu bar here. We’re going to click Azure Active Directory. Okay. And we will start with devices right here, this Devices Blade, which you’ve heard me mention a little earlier in one of my lessons. I just want to put it all in one place for you here, everything about this enrollment stuff, okay? So I’ll go ahead and click Device Settings, and then we’ll make sure that users can participate in Azure advertising, okay? Because Azure is usually going to play a role in Intune, right? It’s going to be your directory service.
So I’ve already turned that on. You saw me turn that on in a previous lesson. As a result, users can participate in Azure advertising. So one of the things I want to point out—and I’ll be telling you more about this later—is that I can use Intune with the help of End Point Manager and all that to force devices to get enrolled, and I’m going to talk more about how I can do that later. But ultimately, when they do get enrolled, they’re going to get enrolled under the authority of the user’s Azure advertising account. So if you’ve got a user named John Smith that’s logging on, it’s going to be his account that’s going to get linked into Intune. Okay, so this is why it says users may join. Now is it possible for a userto join on behalf of another user. Yes. And we’re going to talk about that as something called a DEEM, a Device Enrollment Manager.
But ultimately, most of the time, it’s going to be the user’s Azure AD account that’s enrolling in and getting managed through Intune. Okay, so this is the first setting I wanted to show you. Okay, let’s jump back over to Azure ads again. Let’s just start by clicking the menu bar again. We’ll go to Azure, and now what we’re going to do is we’re going to look at this mobility blade, okay? Now the mobility blade is going to help us confirm that Azure AD is going to allow its users to be managed through Intune. Keep in mind that Intune is not the only MDM solution out there. You can get third-party solutions, but of course, Intune is Microsoft’s solution. Okay? So we’re going to confirm here that we’re going to go to Microsoft Intune. We’re just going to confirm that we’re allowing it to be managed. Now you will notice that, by default, Intune is not set to configure your users. Yet there are two things that Intune is providing us with. Intune offers MDM (mobile device management) and Mam (mobile application management). Now what’s the difference? MDM allows the Intune solution to manage all the device settings.
Okay? Then Mam allows Intune to manage all of the applications on the device, such as restricting them, uninstalling them, forcing them to be installed, keeping them updated, and so on. This is similar to your little on/off switch in an Active Directory for confirming that you’re allowing Intune to manage your devices, users, and devices. Okay? So I could do everything or just some of it. I’m going to do something that’s going to let me pick and choose who gets managed. I’m going to say everything for both Mam and MDM. So this is very important. This is a prerequisite, something you want to remember for the exam—that you have to confirm using the mobility blade here in order for that to take effect.
So I’m going to hit save. And now I’ve officially confirmed that Intune is going to be managing these users. Okay? The next thing I want to show you here is that we’re going to go back over to Azure Active Directory. You’ve seen me do this before, but I want to remind you because company branding is important. You cannot have devices enrolled unless company branding is done. Okay? So I’ve gone here. If you did not have anything here, you would have a new button. I’ve already got one, so I’m going to click on it. And the absolute requirement to do this is right here. It says sign-in page text. You have to have sign-in page text. You can spruce everything up and make it look nice with banners and all that good stuff. But the absolute requirement is the sign-in tax. If you do not have sign-in text, It will not allow devices to be enrolled. OK, so that is a requirement. So I’ve already gotten that done. All right. And then finally, the next thing I want to show you involves licenses. Okay? So, for the time being, we’ll remain in Azure Active Directory. We’re going to click on the licences button here and look at our licenses.
So I’m going to click on every product. When it comes to tuning, I prefer to use an analogy. It’s kind of like going to a fast-food restaurant like McDonald’s. OK, you can go to McDonald’s and order just a hamburger, right? You could order just the fries or just the drink, or you could get the meal. Okay, so most of Microsoft’s licences work that way, especially if they involve security. You can order them ala carte if you want, right? In other words, I could get Just in Tune if I wanted, and I could pay a fee based on a subscription fee per user that uses it, okay? Or Microsoft has a package deal, and that package deal is called EMS Enterprise Mobility Plus Security. Now, if you guys are doing this with one of your own tenants or whatever, you can actually get a trial of Enterprise Ability Plus Security. All you have to do is click “Try it right here” and you can activate your free trial. Okay? So you do that, you say “activate,” and Microsoft is going to let you activate for 90 days, and they’re going to give you 250 licences to play with. It’s pretty cool. So you can give that a shot. Let’s see what all those Enterprising Plus Security offers you.
Okay, now let’s look at service plan details, and you’ll notice you get all of these items here if you have the Enterprise Mobility Plus Security plan, which we’re going to be talking more about as we move along here in the course. But the key that I want to focus on right now is this guy right here, Microsoft Intune. Okay? So in order for a user to be managed through Intune, we have to make sure that they have a license. So if we come back over here where it says “License for All Products,” click on it. Actually, you could have just clicked on “License Users” as well. And at that point, you’ll see all the users that are licensed. Okay, so I can click Assign Licenses, but keep in mind that if I want to assign this license, I also have to make sure that the user has a usage location. So let’s go back over to Azure Active Directory again, and let’s click on Users. OK? and we are going to licence John Smith. So we’re going to click on John Smith. In order to licence John Smith, he has to have a usage location, which he does. So there he goes.
United States. All right. So I just wanted to show you that if Auser lacks a usage location, you can go to Canalways Edit and add one. You can also automate giving all your users the same usage location with PowerShell if you want. That’s going to be the easiest way to do it with PowerShell. Okay, so I’m going to jump back now. We’ll go back over to Azure Active Directory again, and we’ll go back into licenses. All right. And then we’ll go to all products and click on Enterprise Ability Plus Security. And John Smith has already gotten the license, so he’s good. Okay, but if we wanted to assign to another user, we could. All we have to do is come over here, specify the user we want, make sure they have a usage location, and we can click the assign button. So it’s really easy to do that. So, guys, those are the minimum requirements in order to get enrollment going. As we move forward with this enrollment lesson, I want to make sure that we understand the bare minimum requirements and that some of those things may appear as questions on your test, so make sure you understand what those requirements are.
5. Generating device inventory reports
Okay, so now that we’ve gone through and looked at device enrollment, okay, we’ve got at least a Windows 10 device here that’s been enrolled. The Windows 10 computer is the NYC Co. I want to look at just a few reporting options now that we’ve got them available to us. OK, so here we are again at endpoint Microsoft.com. We’re going to come over and click on this report blade, and you’re going to notice that it’s kind of slim pickings here. There are not really a lot of reports available. And this is because Microsoft wants you to go to this data warehouse option, and they want you to use Power Bi. This course does not cover Power Bi. There’s a whole other course on PowerBI and a whole other certification. But this is how you could build custom reports.
So Microsoft has this thing known as “power bi.” That’s the business intelligence, and from there, it can basically gather all sorts of statistics and analytics from your environment. And Microsoft supports the graph API that they’ve built. This is a thing called the graph application programming interface. So, all of these little reports and things that you’ll see from time to time throughout Azure, Microsoft 365, and Intune, an endpoint manager, are built on top of the Graph API, which is built on top of Power BI. So, business intelligence, okay, so they didn’t really give us a tonne of reports here where we could quickly grab information if we wanted. There is a device compliance thing. We’re going to be talking about compliance here, where we can see if devices are compliant. But we haven’t really set any compliance policies yet, so there’s really nothing there to see. Now I will tell you a little secret, and this is something you want to know for the exam, and that is that there is a way we can generate some reports if we want. We want to see some device inventory and all that, but you kind of have to hop around to get to it.
So I want to show you this right now. I’m going to jump to Portal.Azure.com, okay? And we’re going to go to this menu bar here. We’re going to click on all services, and we’re going to search for Intune, and we’re going to use Intune for education. So, as you heard me say a little while ago, Intune is something that Microsoft offers to the education system to manage their devices, school systems, and all that. But guess what? We can use it. And the intuitive system for education actually has some automated reports that we can look at. So we’ll go here to reports and look at all these little reports that are built in—that we didn’t have over an end point manager. Okay? So this is really cool. Alright, and again, you do want to know about this exam. I can get a device inventory. Device actions. Report application inventory settings errors. Report Windows Defender reports and autopilot deployment. Okay, so Device Inventory is going to show me all the devices that are linked to my environment. OK. Notice that I can also download this if I want. You can download it as a CSV file if you want and pull it up in a spreadsheet. You can perform device actions. This is going to show you all the actions that have been performed against the devices. I haven’t done that yet. Actually, I’m going to explain actions here a little later.
You have an application inventory. Any applications that have been installed on your devices will appear here. Settings errors. If you have any errors, they will be displayed. Okay. I’ve got windows. Defender. This is letting me know. The Nyccl One has been scanned for formalware, and it is currently clean. So this is going to help us keep track of malware. All right. We also have autopilot. This would show us if autopilot has occurred. Okay, so I’ve got this device here that’s saying that this device is ready to be enrolled. So again, these are nice little reports. By the way, if you’re using an Apple device, this device inventory report will tell you whether or not that device has been jailbroken. Jailbreaking is where you change the operating system, update the operating system, and get admin rights over the entire operating system. Apple doesn’t really like it when you do that. In the Android world, they call that routing. So you could also see if you had an Android device that was rooted here. Okay. But, once again, in tune with education. It’s a great way for us to see just a few reports. Don’t have to jump into PowerBI, have licencing for that, and build custom reports to get all this. We can actually see it with the help of Intune for Education.